Oracle Linux 6269 Published by

Updated kernel packages has been released for Oracle Linux 7



Oracle Linux Bug Fix Advisory ELBA-2018-2198

http://linux.oracle.com/errata/ELBA-2018-2198.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-3.10.0-862.9.1.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-862.9.1.el7.noarch.rpm
kernel-debug-3.10.0-862.9.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.9.1.el7.x86_64.rpm
kernel-devel-3.10.0-862.9.1.el7.x86_64.rpm
kernel-doc-3.10.0-862.9.1.el7.noarch.rpm
kernel-headers-3.10.0-862.9.1.el7.x86_64.rpm
kernel-tools-3.10.0-862.9.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.9.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.9.1.el7.x86_64.rpm
perf-3.10.0-862.9.1.el7.x86_64.rpm
python-perf-3.10.0-862.9.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-862.9.1.el7.src.rpm



Description of changes:

[3.10.0-862.9.1.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel
(olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-862.9.1.el7]
- [iscsi-target] Fix iscsi_np reset hung task during parallel delete
(Maurizio Lombardi) [1583593 1579217]

[3.10.0-862.8.1.el7]
- [x86] always enable eager FPU by default on non-AMD processors (Paolo
Bonzini) [1589051 1589048] {CVE-2018-3665}
- [net] nf_reset: also clear nfctinfo bits (Florian Westphal) [1588458
1572983]
- [x86] bugs: Switch the selection of mitigation from CPU vendor to CPU
features (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs: Add AMD's SPEC_CTRL MSR usage (Waiman Long) [1584323
1584569] {CVE-2018-3639}
- [x86] bugs: Add AMD's variant of SSB_NO (Waiman Long) [1584323
1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Fix VM guest SSBD problems (Waiman Long) [1584323
1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Eliminate TIF_SSBD checks in IBRS on/off functions
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Disable SSBD update from scheduler if not user
settable (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Make ssbd_enabled writtable (Waiman Long) [1584323
1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Remove thread_info check in __wrmsr_on_cpu() (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Write per-thread SSBD state to spec_ctrl_pcp (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Add a read-only ssbd_enabled debugfs file (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs/intel: Set proper CPU features and setup RDS (Waiman Long)
[1584323 1584569] {CVE-2018-3639}
- [x86] kvm: vmx: Emulate MSR_IA32_ARCH_CAPABILITIES (Waiman Long)
[1584323 1584569] {CVE-2018-3639}
- [x86] kvm: svm: Implement VIRT_SPEC_CTRL support for SSBD (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs: Rework spec_ctrl base and mask logic (Waiman Long)
[1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Rework SPEC_CTRL update after late microcode loading
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Make sync_all_cpus_ibrs() write spec_ctrl_pcp value
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs: Unify x86_spec_ctrl_{set_guest, restore_host} (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation: Rework speculative_store_bypass_update() (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation: Add virtualized speculative store bypass disable
support (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] KVM: Rename KVM SPEC_CTRL MSR functions to match upstream
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation: Handle HT correctly on AMD (Waiman Long) [1584323
1584569] {CVE-2018-3639}
- [x86] cpufeatures: Add FEATURE_ZEN (Waiman Long) [1584323 1584569]
{CVE-2018-3639}
- [x86] cpufeatures: Disentangle SSBD enumeration (Waiman Long) [1584323
1584569] {CVE-2018-3639}
- [x86] cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation: Use synthetic bits for IBRS/IBPB/STIBP (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [documentation] spec_ctrl: Do some minor cleanups (Waiman Long)
[1584323 1584569] {CVE-2018-3639}
- [x86] speculation: Make "seccomp" the default mode for Speculative
Store Bypass (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] seccomp: Move speculation migitation control to arch code
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [kernel] seccomp: Add filter flag to opt-out of SSB mitigation (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [kernel] seccomp: Use PR_SPEC_FORCE_DISABLE (Waiman Long) [1584323
1584569] {CVE-2018-3639}
- [x86] prctl: Add force disable speculation (Waiman Long) [1584323
1584569] {CVE-2018-3639}
- [x86] spectre_v2: No mitigation if CPU not affected and no command
override (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] pti: Do not enable PTI on CPUs which are not vulnerable to
Meltdown (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bug: Add X86_BUG_CPU_MELTDOWN and X86_BUG_SPECTRE_V[12] (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman
Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up naming of SPEC_CTRL MSR bits with upstream
(Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up SSBD changes with upstream (Waiman Long)
[1584323 1584569] {CVE-2018-3639}

[3.10.0-862.7.1.el7]
- [linux] fsnotify: Fix fsnotify_mark_connector race (Miklos Szeredi)
[1584684 1569921]

  Kernel Bug Fix Update for Oracle Linux 7